VeirSign Security Reviews

Current News Updates

VeriSign Security Review - February 2007

While at RSA, stop by the VeriSign booth #1409 for more on our layered, systematic approach to mitigating threats to user confidence, network security, and growth of the digital economy. The exhibit features our new VeriSign Secure Site Pro with EV SSL Certificates and the VeriSign Identity Protection (VIP) suite of services. Experts in managed security, PKI, security consulting, and enterprise mobility will also be on hand to demonstrate VeriSign services.

Though Microsoft's latest security bulletin included only three critical vulnerabilities, all of them are in widely used products, and hackers will doubtless launch concerted attempts to exploit them. All VeriSign customers are urged to read Microsoft's bulletins and download patches as appropriate.

Hot Topics

Sclavos Makes Security Simple in RSA Keynote

Stratton Sclavos, Chairman and CEO of VeriSign, will give a keynote presentation entitled “Security Made Simple” at the RSA 2007 Conference, which takes place in San Francisco on February 5-9, 2007.

Sclavos' theme is that this is the “Any Era,” when millions of users interact via laptops, PDAs and cell phones anywhere, anytime, across any network. They expect to choose how, when, and where they communicate and conduct commerce. But along with digital freedom comes new security threats. As enterprises rebuild architectures to provide legitimate users with easier, more integrated access to data of all kinds, criminals find new opportunities to attack networks, steal identities, and damage corporate reputations. Now more than ever, organizations need an interdependent approach to identity management as well as expert assistance in enabling and protecting networked interactions.

In his keynote, Sclavos will describe “day in the life” overviews of typical consumers and their everyday needs for digital infrastructure to enable and protect their communications, commerce, content, and information while at the same time making these services simple and secure. He will also describe how VeriSign and others are currently taking Internet security to the next level through Extended Validation (EV) SSL, the biggest advancements to online security in the past 10 years which will benefit consumers and businesses alike.

Although there is no single “magic bullet” to resolve or prevent all digital security problems, a layered, systematic approach is the best protection for an organization. Sclavos will speak briefly about how the VeriSign approach helps protect users, enterprises, and/or networks with a number of key product and service offerings. These include VeriSign Managed Security Services (MSS), which have helped hundreds of the largest organizations in the world reduce security risks to reputation, operations, and compliance through better threat detection, superior analysis, and prioritized response.

Get the Green Light for Your Online Business

This year, consumers and businesses are going to start looking for a green address bar on every Web site they visit. When sites have Extended Validation (EV) SSL certificates, the Microsoft® Internet Explorer 7 address bar turns green and displays the name of the certificate owner and the verifying Certificate Authority-so it's more important than ever to go with the name customers prefer most. VeriSign is the SSL Certificate provider of choice for more than 93% of the Fortune 500 and the world's 40 largest banks.

The security status bar shows that the transaction is encrypted and the organization has been authenticated according to the most rigorous industry standards. All VeriSign EV SSL Certificates come with EV Upgrader™ (a $300 value), the first-ever technology that automatically enables all visiting Microsoft Windows XP clients to see the green bar on your site. Without EV Upgrader, only Microsoft Windows Vista clients are sure to see the green address bar. (Find out more about SSL Security and Extended Validation. )

Millions of Internet users worldwide still use browsers and operating systems that will not connect at the strongest encryption level available to them unless there is an SGC-enabled certificate on the server. VeriSign SGC-enabled SSL Certificates enable 128- or 256-bit encryption for more than 99.9% of Internet users.

Combine the highest authentication available (EV) with the highest encryption available (SGC) and get VeriSign Secure Site Pro with EV. When you protect your site with Secure Site Pro with EV and display the VeriSign Secured™ Seal , your customers know that their transactions are secure and you are who you say you are.

HSBC USA Inc., the U.S. banking unit of one of the world's largest financial services companies, and VeriSign announced an agreement for HSBC USA to deploy the VeriSign Identity Protection (VIP) Fraud Detection Service (FDS) to enhance the protection it provides to customers to prevent identity theft and fraud.

“The VeriSign Fraud Detection Service provides additional online authentication and fraud monitoring, which will enhance the measures the bank already employs to safeguard customer information and assets when banking over the Internet,” said Martin Hayes, senior vice president and head of e-business, HSBC USA. “Protecting customers' accounts and identities is of paramount importance.”

Monthly Threat Summary

Though Microsoft's latest security bulletin included only three critical vulnerabilities, all of them are in widely used products, and hackers will doubtless launch concerted attempts to exploit them. All VeriSign customers are urged to read Microsoft's bulletins and download patches as appropriate.

The last few months of 2006 saw a widespread “professionalization” of cyber crime, and this trend is likely to continue. Hackers are creating ever-more-sophisticated phishing tools and virus authors are increasingly employing complex techniques to evade anti-virus software. Unfortunately, it is all too likely that the attacks and techniques launched in 2007 will make much of the cyber crime activity from the past year seem amateurish by comparison.

For example, over the past few weeks, several news articles have reported on a new, extremely sophisticated phishing kit that apparently is gaining widespread popularity in the underground. Rather than generating a new phishing Web site, the “Universal Man-in-the-Middle Phishing Kit” reportedly enables an attacker to establish a conduit between the victim and a legitimate Web site, and use it to steal information transmitted by the victim to the legitimate site. This is a very sophisticated attack technique, but the kit (with a simple, user-friendly interface) makes it available to even relatively unskilled cyber criminals. Perhaps the most worrisome feature of this phishing kit is that it can reportedly be used against any phishing Web site and intercept any sort of sensitive information.

Hackers have also come up with a new technique to make their computer viruses and other malicious code more difficult for anti-virus software to block. The technique, known as “dynamic code obfuscation,” involves automatically altering (“obfuscating”) a malicious code to make it undetectable by anti-virus filters, which look for specific strings of code when deciding what files to block. Two victims of the same code, in other words, would get two different versions of the code, each of them unrecognizable by anti-virus software.

News from VeriSign

VeriSign Powers NBX Video for Sports Fans

NBX, an online sports entertainment company, will use the new VeriSign® Intelligent Content Delivery Network (CDN) to help it deliver high-quality, secure podcasts and videocasts to sports fans via the Internet.

Open Media Network Selects VeriSign to Bring Full Screen, DVD-Quality Television Programs from the Internet—Right to TV Screens

Open Media Network (OMN) has selected VeriSign CDN to enable consumers to watch shows downloaded from omn.org on their television sets. Consumers can watch programs in DVD or HDTV quality on intelligent TVs using set top boxes.

The world's largest exhibition for the mobile industry is also a cutting-edge congress featuring the most prominent chief executives representing mobile operators, vendors, and content owners from across the world. Stratton Sclavos, Chairman and CEO of VeriSign, will be participating in two sessions: “Clash of cultures: who wins when entertainment and communications converge?” and “CEO strategies for growth: Can the mobile Web experience be anything but second best?”

TelecomNEXT, the communications and entertainment industry's collection of cutting-edge products and technologies, provides an exciting preview of the next revolutions in communications and entertainment